<feed xmlns='http://www.w3.org/2005/Atom'>
<title>pm24.git/kernel/system_keyring.c, branch v3.13-rc2</title>
<subtitle>Unnamed repository; edit this file 'description' to name the repository.</subtitle>
<id>https://git.kobert.dev/pm24.git/atom/kernel/system_keyring.c?h=v3.13-rc2</id>
<link rel='self' href='https://git.kobert.dev/pm24.git/atom/kernel/system_keyring.c?h=v3.13-rc2'/>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/'/>
<updated>2013-09-25T16:17:01Z</updated>
<entry>
<title>KEYS: Make the system 'trusted' keyring viewable by userspace</title>
<updated>2013-09-25T16:17:01Z</updated>
<author>
<name>Mimi Zohar</name>
<email>zohar@linux.vnet.ibm.com</email>
</author>
<published>2013-08-20T18:36:26Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=af34cb0c3d16b46d88b661692b885d1d998a8ecb'/>
<id>urn:sha1:af34cb0c3d16b46d88b661692b885d1d998a8ecb</id>
<content type='text'>
Give the root user the ability to read the system keyring and put read
permission on the trusted keys added during boot.  The latter is actually more
theoretical than real for the moment as asymmetric keys do not currently
provide a read operation.

Signed-off-by: Mimi Zohar &lt;zohar@us.ibm.com&gt;
Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
<entry>
<title>KEYS: Add a 'trusted' flag and a 'trusted only' flag</title>
<updated>2013-09-25T16:17:01Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2013-08-30T15:07:37Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=008643b86c5f33c115c84ccdda1725cac3ad50ad'/>
<id>urn:sha1:008643b86c5f33c115c84ccdda1725cac3ad50ad</id>
<content type='text'>
Add KEY_FLAG_TRUSTED to indicate that a key either comes from a trusted source
or had a cryptographic signature chain that led back to a trusted key the
kernel already possessed.

Add KEY_FLAGS_TRUSTED_ONLY to indicate that a keyring will only accept links to
keys marked with KEY_FLAGS_TRUSTED.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
Reviewed-by: Kees Cook &lt;keescook@chromium.org&gt;
</content>
</entry>
<entry>
<title>KEYS: Separate the kernel signature checking keyring from module signing</title>
<updated>2013-09-25T16:17:01Z</updated>
<author>
<name>David Howells</name>
<email>dhowells@redhat.com</email>
</author>
<published>2013-08-30T15:07:30Z</published>
<link rel='alternate' type='text/html' href='https://git.kobert.dev/pm24.git/commit/?id=b56e5a17b6b9acd16997960504b9940d0d7984e7'/>
<id>urn:sha1:b56e5a17b6b9acd16997960504b9940d0d7984e7</id>
<content type='text'>
Separate the kernel signature checking keyring from module signing so that it
can be used by code other than the module-signing code.

Signed-off-by: David Howells &lt;dhowells@redhat.com&gt;
</content>
</entry>
</feed>
